Effective date: July 1, 2026
Onley Law Professional Corporation (“Onley Law”, “we”, “us”, or “our”) respects your privacy and is committed to protecting the personal information we handle. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our website at onleylaw.ca and our legal services. We handle personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the applicable rules and guidance of the Law Society of Ontario, and our professional duty of confidentiality.
1. Scope of this Policy
This Policy applies to personal information we collect through our website, our online forms and tools, and in the course of providing legal services. “Personal information” means information about an identifiable individual. This Policy does not limit or replace our professional duties of confidentiality and privilege, which are described in section 9 and which are broader than this Policy.
2. Our Privacy Officer
We have designated Robert Onley as our Privacy Officer, responsible for our compliance with this Policy. You can reach the Privacy Officer using the contact details at the end of this Policy.
3. Personal information we collect
Depending on how you interact with us, we may collect:
- Contact and identity information, such as your name, email address, telephone number, business name, and role, when you complete a form, book a consultation, or contact us.
- Matter information, such as the details you provide about your legal needs and the documents you share with us.
- Client identification and verification information required by the Law Society of Ontario, such as government-issued identification, when we take you on as a client.
- Billing and payment information, such as invoice amounts and payment confirmations. Payment card details are processed by our third-party payment provider and are not stored by us.
- Signing and engagement information, such as the details you enter and the signature you provide when you review and sign our retainer agreement online.
- Technical and usage information, such as your IP address, browser type, pages viewed, and similar analytics information collected through cookies and similar technologies when you use our website.
4. How we use personal information
We use personal information to: respond to your inquiries and provide the legal services you request; carry out client identification, verification, and conflicts of interest checks; prepare, review, and deliver documents and advice; administer our practice, including billing, scheduling, records, and file management; operate, maintain, and improve our website; communicate with you, including sending information you have asked for; and comply with our legal, regulatory, and professional obligations.
5. Consent
We collect, use, and disclose personal information with your consent, except where the law permits or requires us to act without consent. You may withdraw your consent at any time, subject to legal and professional restrictions and to reasonable notice, by contacting our Privacy Officer. Withdrawing consent may prevent us from providing some or all of our services.
6. Our use of artificial intelligence
We use technology, including artificial intelligence (AI) tools, to help deliver legal services and operate our practice. We handle personal information used with these tools as follows:
- A licensed lawyer reviews and is responsible for our legal work. We do not delegate professional judgment to AI, and we verify AI-assisted work before relying on it.
- We may use AI tools to assist with drafting, research support, summarizing information, transcribing meetings and calls, and administrative tasks. Where we record or transcribe a meeting or call, we will tell you.
- We select and use AI and technology tools in a manner intended to protect the confidentiality and security of client and personal information. We do not enter client confidential information into public generative AI tools, and we do not permit client confidential information to be used to train third-party AI models.
- It is our policy to keep client personal information in Canada. Sections 7 and 8 describe how we work with service providers and where information is stored.
- We remain accountable for personal information that we transfer to a service provider, including an AI service provider, and we require the provider by contract to protect it with safeguards comparable to our own.
7. Service providers
We use third-party service providers to help us operate, including providers of website hosting and analytics, email and calendar, document management and electronic signature, client intake and billing, payment processing, identity verification, and AI and transcription tools. These providers are given only the personal information they need to perform their services for us, and they are required to protect it and to use it only for that purpose.
8. Storage and cross-border transfer
It is our policy to store the personal information of our clients, including matter files and documents, on servers located in Canada, and we choose our tools and settings with that objective in mind.
Some general website and administrative service providers may process limited technical information, such as an IP address or usage data, on servers outside Canada, including in the United States. When information is processed outside Canada, it is subject to the laws of that country, and courts, law enforcement, and regulatory authorities there may be able to access it under those laws. We remain responsible for personal information handled by our service providers and require them to protect it with safeguards comparable to our own.
9. Confidentiality and solicitor-client privilege
Where we act for you as your lawyers, the information you provide is also protected by our professional duty of confidentiality and, in many cases, by solicitor-client privilege. These protections are broader than this Privacy Policy and continue even after our work for you ends. Nothing in this Policy waives privilege or reduces our duty of confidentiality.
10. Cookies and analytics
Our website uses cookies and similar technologies to make the site work, to remember your preferences, and to understand how the site is used. We use website analytics to measure traffic and to improve our content. You can set your browser to refuse cookies or to alert you when cookies are being used, although some parts of the website may not work properly if you do.
11. Electronic communications
If we send you commercial electronic messages, such as newsletters or updates, we do so in accordance with Canada’s Anti-Spam Legislation (CASL). Every commercial electronic message we send will identify us and will include a way to unsubscribe.
12. Safeguards
We protect personal information using administrative, technical, and physical safeguards appropriate to its sensitivity, including access controls, secure systems, and confidentiality obligations for anyone who handles it on our behalf. No system is completely secure, but we take reasonable steps to protect the information in our care.
13. Retention
We keep personal information only as long as necessary for the purposes described in this Policy and to meet our legal, regulatory, and professional obligations, including the record-keeping and file-retention requirements that apply to lawyers in Ontario. When we no longer need personal information, we take steps to securely destroy, erase, or de-identify it.
14. Your rights: access and correction
Subject to legal and professional exceptions, you have the right to ask what personal information we hold about you, to ask how we have used and disclosed it, and to ask us to correct it if it is inaccurate. Some information may be withheld where the law requires or permits, for example where it is subject to solicitor-client privilege or would reveal personal information about another person. To make a request, contact our Privacy Officer.
15. If there is a data breach
If a breach of our security safeguards involving your personal information creates a real risk of significant harm to you, we will report and notify as required by PIPEDA and will take steps to reduce the risk of harm.
16. Third-party links
Our website may link to other websites that we do not control. This Policy does not apply to those websites. Please review the privacy policies of any third-party websites you visit.
17. Children
Our website and services are directed to businesses and to adults. We do not knowingly collect personal information from children.
18. Changes to this Policy
We may update this Policy from time to time. The version posted on this website is the current version and applies from its effective date. We encourage you to review it periodically.
19. How to contact us
For questions, requests, or complaints about privacy, contact our Privacy Officer:
Onley Law Professional Corporation, Attention: Robert Onley, Privacy Officer
2 Simcoe Street South, Suite 300, Oshawa, Ontario L1H 8C1
Telephone: 905-215-2156
Email: contact@onleylaw.ca
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.